From c94a473e7580ec49ae46c3f9fc229f1d424b2413 Mon Sep 17 00:00:00 2001 From: Bernhard Posselt Date: Sat, 4 Oct 2014 13:55:49 +0200 Subject: fix php-fpm issues --- CHANGELOG.md | 1 + README.md | 2 -- articleenhancer/xpatharticleenhancer.php | 15 ++++++++------- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3c5cf2f62..42baf1e70 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ owncloud-news (3.301) * **New dependency**: ownCloud >= 7.0.3 +* **Security**: Fix possible [XEE](https://www.owasp.org/index.php/XML_External_Entity_(XXE)_Processing) due to race conditions on php systems using **php-fpm** * **Bugfix**: Fix issue that prevented going below 1 unread count in the window title * **Enhancement**: Show a button to refresh the page instead of reloading the route for pull to refresh diff --git a/README.md b/README.md index 6cdda5fcd..7391e3b0a 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,6 @@ are listed on the [ownCloud apps overview](https://github.com/owncloud/core/wiki * PHP >= 5.4 * libxml >= 2.7.8 (2.9 recommended) * php-curl -* **NO PHP-FPM (FastCGI Process Manager)** ## Supported Browsers * Firefox (Desktop, Android, Firefox OS) @@ -32,7 +31,6 @@ are listed on the [ownCloud apps overview](https://github.com/owncloud/core/wiki * SQLite * MySql - ## Bugs ### Before reporting bugs diff --git a/articleenhancer/xpatharticleenhancer.php b/articleenhancer/xpatharticleenhancer.php index 3edaad695..c80e0c92d 100644 --- a/articleenhancer/xpatharticleenhancer.php +++ b/articleenhancer/xpatharticleenhancer.php 
@@ -70,9 +70,9 @@ class XPathArticleEnhancer implements ArticleEnhancer { $dom = new \DOMDocument(); - $loadEntities = libxml_disable_entity_loader(true); - @$dom->loadHTML($body); - libxml_disable_entity_loader($loadEntities); + Security::scan($body, $dom, function ($xml, $dom) { + return @$dom->loadHTML($xml, LIBXML_NONET); + }); $xpath = new \DOMXpath($dom); $xpathResult = $xpath->evaluate($search); @@ -136,12 +136,13 @@ class XPathArticleEnhancer implements ArticleEnhancer { $dom->preserveWhiteSpace = false; // return, if xml is empty or loading the HTML fails - $loadEntities = libxml_disable_entity_loader(true); - if( trim($xmlString) == "" || !@$dom->loadHTML($xmlString) ) { - libxml_disable_entity_loader($loadEntities); + $isLoaded = Security::scan($xmlString, $dom, function ($xml, $dom) { + return @$dom->loadHTML($xml, LIBXML_NONET); + }); + + if( trim($xmlString) == "" || !$isLoaded ) { return $xmlString; } - libxml_disable_entity_loader($loadEntities); // remove removeChild($dom->firstChild); -- cgit v1.2.3
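Review bot: The result of `Security::scan(...)` is discarded in the hunk at line 70, so if the scan refuses `$body` or `loadHTML` fails, the code still builds `\DOMXpath` over an empty `$dom` and evaluates `$search` against it; the hunk at line 136 captures the same result as `$isLoaded` and checks it. Capture it here as well, `$isLoaded = Security::scan($body, $dom, ...);`, and skip the XPath step when it is false. `LIBXML_NONET` only blocks network fetches, so any protection against local-file entities rests on what `Security::scan` does, which this diff does not show; a short comment above the call saying so would help the next reader. The commit adds no `use` line to this file, so confirm that the unqualified `Security` resolves in the file's namespace. The enclosing method starts and ends outside the hunk.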
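Review bot: In the hunk at line 136 the empty-input test now runs after the parse: `Security::scan($xmlString, ...)` and `loadHTML` are called before `trim($xmlString) == ""` is evaluated, whereas the removed condition short-circuited and never parsed an empty string. Put the guard first, `if (trim($xmlString) === '') { return $xmlString; }`, then scan and return on `!$isLoaded`. The `@` on `loadHTML` also hides why a document was refused, so a body rejected by the scan presumably cannot be told apart from malformed markup in the logs. The identical closure appears in both hunks and could live in one private helper. The enclosing method continues outside the hunk.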